As a best practice, do not use the AWS account root user for any task where it’s not required. Instead, create a new IAM user for each person that requires administrator access. Then make those users administrators by placing the users into an "Administrators" group to which you attach the AdministratorAccess managed policy.
Thereafter, the users in the administrators group should set up the groups, users, and so on, for the AWS account. All future interaction should be through the AWS account’s users and their own keys instead of the root user.
However, to perform some account and service management tasks, you must log in using the root user credentials. To view the tasks that require you to sign in as the root user, see AWS Tasks that Require Account Root User.
This procedure describes how to use the AWS Management Console to create an IAM user for yourself and add that user to a group that has administrative permissions from an attached managed policy.
If you followed the steps in the previous section, you used the AWS Management Console to set up an administrators group while creating the IAM user in your AWS account. This procedure shows an alternative way to create a group.
This section shows how to create a group in the IAM system.
This section shows how to attach a policy that lets any user in the group perform any action on any resource in the AWS account. You do this by attaching the AWS managed policy called ‘AdministratorAccess’ to the ‘Admins’ group. For more information about policies, see Access Management.